The original release ran under Microsoft Windows NT. Version 2.0 also supports Windows 2000 and SunSoft Solaris.

The host-based Entercept has a centralized management console and a server-resident agent. The agent initiates communication with the management console, leaving no ports open for listening. The agent filters calls to the server OS and compares them against signatures of known attacks before it allows calls to execute.

If an improper call is identified, the agent consults security policy to determine its actions, which can range from logging and notification to terminating the session.

Attack strategy

Entercept uses signatures of specific known attacks as well as profiles of attack categories, such as buffer overflows. The new version adds Trojan horse signatures to its specific attack database.

The biggest change is the addition of specific protection for Internet Information Server from both known and unknown attacks by applying the signature method in reverse. Instead of looking for attack signatures that are excluded, it follows a signature of normal application behavior and allows only activities that fit the signature. All other activities are excluded.

Entercept uses the same process to protect itself from hackers, said Robin L. Matlock, ClickNet senior vice president of sales and marketing.

The Entercept 2.0 Web Server Edition with Internet Information Server protection is available only for Windows NT and 2000. Pricing is not yet available.